Apple Safari receives update with Lion release; 58 bugs fixed

Apple has updated its Safari browser to
version 5.1 in a major upgrade that patches over 58 flaws. Several new features have also been
added to the browser, including 'sandboxing'. Safari version 5.1
comes pre-bundled with Apple’s new operating system, OS X 10.7 or ‘Lion’, which was also released
yesterday.

In all, 58 flaws were patched of which,

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

14 are Windows platform specific, one is OS X
specific, and the remaining 44 impact both platforms. As many as 47 of the flaws may allow
‘arbitrary code execution’ on machines running Safari.

According to this support
article, The update also patches bugs that could lead to disclosure of information and XSS
vulnerabilities. Apple has refrained from disclosing or discussing the details of the
vulnerabilities to prevent them being exploited before users have had a chance to upgrade to the
latest versions.

WebKit, the open
source browser engine that lies at Safari’s core was the component receiving most of the fixes.
Apple cited ‘memory corruption issues’ in WebKit which may lead to ‘arbitrary code execution’ by
merely visiting a maliciously crafted website.

In addition to the fixes, several new features have been added to Safari which includes ‘Reading
list’, a feature that eliminates web ads from content saved for offline browsing. Safari 5 also
boasts features which are available only on OS X Lion like multi-touch support, full-screen
browsing and sandboxing.

The sandboxing feature will help thwart ‘drive-by’ attacks since any code executed within the
browser will now be insulated from the rest of the operating system and application environment.
This is the same mechanism used by Google’s Chrome browser, which also uses the WebKit engine.

Safari 5.1 runs on OS X 10.7 ‘Lion’ and OS X 10.6 ‘Snow Leopard’. Users of previous versions of
OS X, OS X 10.5 or ‘Leopard’ must download Safari version 5.0.6. This is the second major update to
Safari this year — the last being in March when over 60 bugs were patched.

Safari is available for download on the Apple website and also through Apple’s software
update feature on both Windows and OS X, for existing users of Safari. More information on the
update is available in this knowledgebase article.

Major IT companies like Black Hat and Google spoke out against the proposed Wassenaar Arrangement rules for cybersecurity software, and those protests have caused the U.S. Dept. of Commerce to commit to drafting new rules.

News roundup: New threats add to the Tor anonymity debate as a new browser aims to take anonymous browsing to the next level. Plus: Android security outlook bad -- or is it?; another Xen host escape flaw; Wassenaar revisions put on hold.